Port forwarding on Mikrotik routers

To forward a port on the Mikrotik router, you need to open the “IP” – “Firewall” menu, select the “NAT” tab and add a new rule by clicking “Add new” or “+”.

In the window that opens, you must specify the following basic parameters:

Chain: dstnat (means that the connection will go from the external network to the internal).

Protocol: protocol, tcp / udp / …

Dst. Port: destination port that will be visible from the outside (1 – 65535).

In. interface: the incoming interface on which the above port is listening, for example “ether1-gateway”.

Action: netmap

To Addresses: the IP address of the network device/computer within the network from which you want to forward ports, for example

To Ports: the port you want to forward.
I will give several examples of ports: 3389/tcp – remote desktop, 80/tcp – web server, 23/tcp – telnet, 161/udp – snmp, 22/tcp – SSH, 1433/tcp – MS SQL Server, etc. )

To access the external IP of the router from the local network, you need to add two more rules.

Chain: dstnat
Src. Address: (internal network)
Dst. Address: ip router
Protocol: tcp
Dst. Port: port
Action: dst-nat
To Addresses: ip_internal_network
To Ports: port

Chain: srcnat
Src. Address: (internal network)
Dst. Address: ip_devices_internal_net
Protocol: tcp
Dst. Port: port
Action: src-nat
To Addresses: (internal router ip)

For example, to DVR Dahua you need to forward ports: 80 tcp, 554 tcp, 37777 tcp, 37778 udp.

See also my articles:
Configure Hairpin NAT on RouterOS (Mikrotik)
Configuring Remote Access in Mikrotik Router

Leave a comment

Leave a Reply